Software Integrity

Archive for the 'Cloud Security' Category


Survey: Data management is an afterthought in cloud migration

Moving virtualized workloads to the cloud is either a reality or a near-term goal for an overwhelming majority—90%—of 170 organizations surveyed during July and August by Druva, a cloud data management and security company. But the forecast for the security and management of company data in that setting is, well, cloudy at best. The survey […]

Continue Reading...

Posted in Cloud Security, Privacy


How can SMBs maximize AppSec returns on an SMB budget?

Small and medium-size businesses (SMBs) are nonsubsidiary, independent firms that employ fewer than a given number of employees. This number varies from country to country: Gartner defines an SMB as having fewer than 1,000 employees, but the European Union defines an SMB as having fewer than 250 employees. Managing an SMB budget Many factors affect […]

Continue Reading...

Posted in Application Security, Cloud Security, Data Breach, Software Security Program Development, Static Analysis (SAST)


7 things to consider when transitioning your applications to the cloud

Written in coordination with Ugochukwu Enyioha Organizations are moving their applications to the cloud (or using the cloud as a starting point for application development) at an astonishing rate. According to Forbes, 73% of companies are planning to move to a fully software-defined data center within 2 years. The shift is motivated by three primary […]

Continue Reading...

Posted in Agile Methodology, Cloud Security, DevOps


The 4 most important secure development disciplines

Being the most innovative and successful cloud monitoring company on the market, developing new features to production every day, it’s not only crucial to deliver the best user experience, performance and high reliability, but also guarantee the highest SECURITY for our customers. To not let security measures slow down our agile and innovative value creation […]

Continue Reading...

Posted in Cloud Security, DevOps, Penetration Testing, Static Analysis (SAST)


What is cloud-native container security?

Security technology is changing for the better as the container deployment model makes it easier to automate application security. This means that as more enterprises deploy containers to public and private clouds they are able to incorporate security automation into their continuous integration and deployment (CI/CD) pipeline. Cloud-native container security is a term that describes […]

Continue Reading...

Posted in CI/CD, Cloud Security, Containers, DevOps


A primer on protecting keys and secrets in Microsoft Azure

Supporting data confidentiality, including encryption keys and certificates, is a critical task. In cloud-hosted workloads, the requirements are even more complex as different actors need to mediate access to sensitive material. According to the Ponemon Institute’s 2015 Cost of Failed Trust Report, “Security professionals believe that, over the next two years, the risk facing every […]

Continue Reading...

Posted in Application Security, Cloud Security, Cryptography


Introducing Black Duck CoPilot

Today we’re happy to announce the release of Black Duck CoPilot by Synopsys (, a new cloud service that helps open source project teams catalog and report on their project’s dependencies and vulnerabilities. What is CoPilot and what does it do? Black Duck CoPilot is FREE for open source developers who use (the #1 […]

Continue Reading...

Posted in Cloud Security, DevOps


CORD Project: Driving network solutions with open source

CORD® (Central Office Re-architected as a Datacenter) is a platform leveraging leading edge SDN, NFV and Cloud technologies to build nimble in-line datacenters at the edge of operator networks. CORD integrates a curated collection of dozens of leading open source projects, thus making a fully-integrated platform for building innovative solutions available for network operators. Designed […]

Continue Reading...

Posted in Black Duck by Synopsys, Cloud Security, Open Source Security


What the Aporeto Trireme Project means for the security community

With extensive experience in networking, security, and cloud, our founding team here at Aporeto, the company behind Trireme, embarked on a journey to redefine application security with the help of the cloud. Some of us have spent a lot of years in the network and SDN worlds. As we were operationalizing data center networks, it became […]

Continue Reading...

Posted in Application Security, Black Duck by Synopsys, Cloud Security


With comparisons to Heartbleed, Cloudbleed may affect millions

A researcher from Google disclosed on Thursday that private messages, API keys, and other sensitive data were being leaked by a major content delivery network to random requesters, a leakage that could affect up to 5.5 million websites. Like Heartbleed, which was co-discovered by the Synopsys team in Oulu, Finland, and Google in April 2014, […]

Continue Reading...

Posted in Application Security, Cloud Security, Fuzz Testing, Software Security Testing, Vulnerability Assessment